[Bitcoin-development] merged mining hashcash & bitcoin (Re: Coinbase TxOut Hashcash)

John Dillon john.dillon892 at googlemail.com
Tue May 14 02:30:18 UTC 2013

> - what about if a pool could lock the reward (rather than receive it or
>   destroy it) eg some kind of merkle root instead of a public key hash in
>   the reward recipient address field in the coinbase.

Sorry I don't have time for a full reply due to some other commitments, but you
remind me of an idea bouncing around to use a Merkle Sum tree as a way to split
one sacrifice among an arbitrarily large set of users. Credit goes to Gregory
Maxwell (according to the wiki) and the idea is to have the roots of the tree
be account "numbers" (pubkeys here) and account amounts. He proposed it for
off-chain transaction account ledgers, but the idea works equally well here to
split some initial sacrifice into lots of little bits. For instance an on-chain
sacrifice to an anyone-can-pay output could be split into enough parts to make
it useful even when tx fees become large.

Incidentally all this stuff about Rivest paywords is probably silly, why not
just commit your sacrifice to a pubkey and make signatures saying what your new
balance is for each message and how much you intended to spend? This allows for
easy fraud proof creation, and gives you a choice of either lying to some
nodes, and getting poor propagation, or being honest and spending the amount
you should have.

For DoS protection it seems to me that mostly trusting nodes to give accurate
balances, enforced with a fraud proof system to halt double-spending, is
perfectly adequate. But no sense implementing so much complexity right at the
start of the effort! Just a thought for where things can go in the future.
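
An added example, not part of the original post: a minimal Merkle sum tree in Python that splits one sacrifice among several pubkeys and lets each holder check their share against the committed root and total. The hash layout, the placeholder pubkeys and the amounts are assumptions constructed for illustration.

```python
import hashlib

MAX = 2**64  # amounts are serialized as 8-byte unsigned integers (assumed layout)

def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(pubkey, amount):
    # A leaf commits to the account pubkey and its share of the sacrifice.
    return (_h(b"\x00", pubkey, amount.to_bytes(8, "big")), amount)

def node(left, right):
    # An inner node commits to both child hashes and both child sums.
    return (_h(b"\x01", left[0], left[1].to_bytes(8, "big"),
               right[0], right[1].to_bytes(8, "big")), left[1] + right[1])

EMPTY = (_h(b"\x02"), 0)  # zero-value padding, so odd levels never double-count

def build(accounts):
    level = [leaf(pk, amt) for pk, amt in accounts]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level.append(EMPTY)
        level = [node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    # Sibling (hash, sum) at each level, plus which side it sits on.
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], (index ^ 1) < index))
        index //= 2
    return path

def verify(pubkey, amount, path, root):
    # Reject negative or overflowing sums: they would let a prover hide inflation.
    if not 0 <= amount < MAX:
        return False
    cur = leaf(pubkey, amount)
    for sibling, sibling_is_left in path:
        if not 0 <= sibling[1] < MAX - cur[1]:
            return False
        cur = node(sibling, cur) if sibling_is_left else node(cur, sibling)
    return cur == root

# Constructed sample: a 1,000,000-unit sacrifice split among placeholder pubkeys.
ACCOUNTS = [(b"pubkey-A", 300_000), (b"pubkey-B", 500_000), (b"pubkey-C", 200_000)]
LEVELS = build(ACCOUNTS)
ROOT = LEVELS[-1][0]
```

A verifier compares `ROOT[1]` with the sacrificed amount and then checks a holder's proof with `verify`, so no set of shares can claim more than the root total.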